Applies To

  • FIM 2010 (R2)
  • MIM 2016

 


Scenario

Your organization requires SSPR gate registration in multiple languages. We will show how to configure SSPR gate registration in English and French.

 


Requirements

  • A successfully deployed SSPR Gate and Registration Portal.
  • A preferred language populated in the Portal. Here, we have language codes populated in Active Directory and will pull those codes into the Portal.

 


Implementation

1. Verify SSPR operations

Verify SSPR Registration and Reset works prior to customization.

Make sure you can successfully register an account and successfully unlock and/or reset the account. In our situation, we have created English registration questions, and we want users whose preferred language is French to see their registration questions in French.

  

2. Add preferred language attribute to portal schema

 Create a new attribute in the Portal to hold the preferred language. We will call the attribute Preferred Language.

  1. Go to Administration
  2. Click on Schema Management
  3. Click on All Attributes
  4. Click on New
  5. System name: PreferredLanguage
  6. Display Name: Preferred Language
  7. Data Type: Indexed string
  8. Click Finish
  9. Click Submit

3. Bind Language attribute to user

 Bind the new Preferred Language attribute to the User resource

  1. Click on All Bindings
  2. Click New
  3. Resource Type: User
  4. Attribute Type: Preferred Language
  5. Click Finish
  6. Click Submit

4. Add language to Admin filter

Add Preferred Language to the Administrator Filter

  1. Click on Administration
  2. Click on Filter Permissions
  3. Click on Administrator Filter Permission
  4. Click on the Permitted Filter Attributes tab
  5. In Allowed Attributes, click on the object picker
  6. Search for Preferred Language and click the box to the left to select it.
  7. Click OK to add Preferred Language to the Allowed Attributes
  8. Click OK to complete making the change
  9. Click Submit

5. Run the Sync

Run the Synchronization Service Manager and add the preferredLanguage attribute to the Metaverse person object type

  1. Click on the Metaverse Designer
  2. Click on person
  3. Click on Add Attribute
  4. For the Attribute Name: preferredLanguage
  5. For the Attribute Type: String (indexable)
  6. Check the box for Indexed
  7. Click OK

  8. Click OK in the Add Attribute to Object Type

6. Create mapping from AD preferredLanguage

Create a mapping from AD preferredLanguage to the Metaverse’s preferredLanguage

  1. Click on the AD MA
  2. Click Properties
  3. Click on Select Attributes and select preferredLanguage
  4. Click on Configure Attribute Flow
  5. Verify the data source object type (on the left) shows user and Metaverse object type (on the right) shows person

  6. In the Data source attribute window select preferredLanguage
  7. In the Metaverse attribute window select preferredLanguage
  8. Verify the Mapping Type is Direct
  9. Verify the Flow Direction is Import

  10. Click on New
  11. Click OK

7. MV to portal mapping for preferredLanguage

Create a mapping from the Metaverse’s preferredLanguage to the MIM Portal’s preferredLanguage

  1. Click on the MIM Management Agent
  2. Click on Properties
  3. Click on Select Attributes and select preferredLanguage
  4. Click on Configure Attribute Flow
  5. Verify the data source object type (on the left) shows person and Metaverse object type (on the right) shows person
  6. In the Data source attribute window select preferredLanguage
  7. In the Metaverse attribute window select preferredLanguage
  8. Verify the Mapping Type is Direct
  9. Verify the Flow Direction is Export
  10. Click on New
  11. Click OK

8. Grant Sync account permissions to update language

 Grant the synchronization account permission to update preferredLanguage

  1. Click on Administration
  2. Click on Management Policy Rules
  3. Click on Synchronization: Synchronization account controls users it synchronizes
  4. Click on the tab Target Resources
  5. In the Select specific attributes, click on the browse icon

  6. In the Select Attributes, select Attribute Type Description in the Search within box
  7. Type preferred language in the Search for box and click search

  8. Click OK to close the Select Attributes window
  9. Click OK

 

9.  Pull preferredLanguage into the metaverse and out to the MIM Portal

  1. Run a full import on the ADMA
  2. Run a full synchronization on the ADMA
  3. Run an export on the MIMMA
  4. Run a delta import on the MIMMA

 

10.  Modify the Password Reset Users Set to a particular language

We will change the set to specify English, which has the language code EN-US.

  1. Click on Administration
  2. Click on Sets
  3. Click on Password Reset Users Set
  4. Click on Criteria-based Members tab
  5. Select Preferred Language
  6. For the value of Preferred Language enter EN-US

  7. Click OK

11.  Create Password Reset Users (All) Set.

The set will be a criteria-based set representing all password reset users and will be used in the "Password reset users can read password reset objects" MPR.

  1. Click on Administration
  2. Click on Sets
  3. Click on New
  4. In the Display Name field enter Password Reset Users (All) Set
  5. Keep the Enable criteria-based membership in current set checked and change the criteria to select all users.
  6. Click Finish
  7. Click Submit

12.  Modify the "Password reset users can read password reset objects" MPR

  1. Click on Administration
  2. Click on Management Policy Rules
  3. Click on Password reset users can read password reset objects
  4. Click on the Requestors and Operations tab
  5. Change the Specific Set of Requestors to Password Reset Users (All) Set

  6. Click OK
  7. Click Submit

13.  Create Authentication Workflow "Password Reset AuthN FR-FR Workflow"

Step 1

  1. Click on Administration
  2. Click on Workflows
  3. Click on New
  4. In the Workflow Name enter Password Reset AuthN FR-FR Workflow
  5. For the Workflow Type select Authentication

  6. Click Next
  7. In the Activities tab, click on Password Gate
  8. Click on Add Activity

  9. Click on Select
  10. You should see Challenge user for Active Directory Password
  11. Click on Save
  12. Click on Add Activity
  13. Select Lockout Gate

  14. Click on Select
  15. Keep the defaults or customize the SSPR lockout policy
  16. Click Save
  17. Click on Add Activity
  18. Select QA Gate

  19. Click on Select

Step 2

In Step 2, we will enter our French questions.

  1. Click Save
  2. The workflow should look like this:

  3. Click Finish
  4. Click Submit 

14.  Create the criteria-based set "Password Reset Users FR-FR Set"

  1. Click on Administration
  2. Click on Sets
  3. Click on New
  4. In the Display Name enter Password Reset Users FR-FR Set
  5. Click on Next
  6. Click on the all resources link
  7. Select user
  8. Click on Add Statement
  9. Select Preferred Language
  10. For the value of Preferred Language enter FR-FR

  11. Click on Finish
  12. Click on Submit
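
A pre-check for the set criteria entered in steps 10 and 14, as an added example that is not part of the original procedure: it lists accounts whose preferredLanguage would match neither EN-US nor FR-FR, so they can be corrected in Active Directory before the sets are changed. The function name, the status labels and the sample accounts are constructed for illustration, and exact matching on the language code is an assumption about how the criteria are evaluated.

```powershell
# Added example: classify users against the set criteria from steps 10 and 14.
# Assumption: membership is modelled as an exact match on the language code.
$SetByLanguage = @{
    'EN-US' = 'Password Reset Users Set'
    'FR-FR' = 'Password Reset Users FR-FR Set'
}

function Get-SsprLanguageCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $raw   = [string]$User.preferredLanguage      # $null becomes ''
        # Hashtable keys compare case-insensitively, so look up the canonical code.
        $match = $SetByLanguage.Keys |
            Where-Object { $_ -ieq $raw.Trim() } |
            Select-Object -First 1

        $status = 'NoMatchingSet'                      # empty or another language
        if ($match) { $status = 'NormalizeValue' }     # differs by case or whitespace
        if ($match -ceq $raw) { $status = 'Covered' }  # exactly EN-US or FR-FR

        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            PreferredLanguage = $raw
            Status            = $status
            IntendedSet       = if ($match) { $SetByLanguage[$match] }
        }
    }
}

# Constructed sample data. Against a real directory, pipe in instead:
#   Get-ADUser -Filter * -Properties preferredLanguage
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';  preferredLanguage = 'EN-US' }
    [pscustomobject]@{ SamAccountName = 'benoit'; preferredLanguage = 'FR-FR' }
    [pscustomobject]@{ SamAccountName = 'chloe';  preferredLanguage = 'fr-fr' }
    [pscustomobject]@{ SamAccountName = 'dmitri'; preferredLanguage = 'fr-CA' }
    [pscustomobject]@{ SamAccountName = 'erin';   preferredLanguage = $null }
)

# Show only the accounts that need attention before the sets are changed.
$sample | Get-SsprLanguageCoverage |
    Where-Object Status -ne 'Covered' |
    Format-Table -AutoSize
```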

15.  Create request MPR "Anonymous users FR-FR can reset their password"

  1. Click on Administration
  2. Click on Management Policy Rules
  3. Display Name: Anonymous users FR-FR can reset their password
  4. Type: Request
  5. Specific Set of Requestors: Anonymous Users
  6. Operation: Modify a single-valued attribute
  7. Permission: Grants permission
  8. Click Next
  9. Target Resource Definition Before Request: Password Reset Users FR-FR Set
  10. Target Resource Definition After Request: Password Reset Users FR-FR Set
  11. Resource Attributes: Reset Password
  12. Click Next
  13. In Authentication Workflows select Password Reset AuthN FR-FR Workflow
  14. In Action Workflows select Password Reset Action Workflow
  15. Click Finish
  16. Click Submit

16.  Add set "Password Reset Users FR-FR Set" to "Password Reset Objects Set"

  1. Click on Password Reset Objects Set
  2. Click on the tab Manually-managed Members
  3. In the Members to Add, enter Password Reset Users FR-FR Set
  4. Click OK
  5. Click Submit

17.  Update the MPR "Password Reset Users can update the lockout attributes of themselves"

  1. Click on Administration
  2. Click on Management Policy Rules
  3. Click on Password Reset Users can update the lockout attributes of themselves
  4. Click on the tab Target Resources
  5. Target Resource Definition Before Request: Password Reset Users (All) Set
  6. Target Resource Definition After Request: Password Reset Users (All) Set

18.  Add Workflow "Password Reset AuthN FR-FR Workflow" to "Password Reset Objects Set"

  1. Click on Password Reset Objects Set
  2. Click on the tab Manually-managed Members
  3. In the Members to Add, enter Password Reset AuthN FR-FR Workflow
  4. Click OK
  5. Click Submit

19.  Add MPR "Anonymous users FR-FR can reset their password" to "Password Reset Objects Set"

  1. Click on Password Reset Objects Set
  2. Click on the tab Manually-managed Members
  3. In the Members to Add, enter Anonymous users FR-FR can reset their password
  4. Click OK
  5. Click Submit

20.  Test an account with preferredLanguage = FR-FR

  1. Log in to the Registration Site as a user with preferredLanguage = FR-FR

    You should now see your French registration questions

     

     

